Fix test_tag_attributes_escapes_values assertion

The 1st argument to `assert_not_includes` is the collection to search; the 2nd argument is the element to search for. Thus this test was checking if the output was included in the forbidden string, rather than checking the if the forbidden string was included in the output. Because negative assertions like this one can be fooled more easily, this commit changes the test to use `assert_equal`, as the other tests do.
rails · Jan 29, 2022 · 9648e89 · 9648e89
1 parent aaa6468
commit 9648e89
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/actionview/test/template/tag_helper_test.rb b/actionview/test/template/tag_helper_test.rb
@@ -404,7 +404,11 @@ def test_tag_attributes_inlines_html_attributes
   end
 
   def test_tag_attributes_escapes_values
-    assert_not_includes "<script>alert()</script>", render_erb(<<~HTML.strip)
+    expected_output = <<~HTML.strip
+      <input type="text" xss="&quot;&gt;&lt;script&gt;alert()&lt;/script&gt;">
+    HTML
+
+    assert_equal expected_output, render_erb(<<~HTML.strip)
       <input type="text" <%= tag.attributes xss: '"><script>alert()</script>' %>>
     HTML
   end